44caliber | 5956fe13a88b4ee1006ba35a0c2bb1797c9d925c453c368aac628870ca8ee4ba | Triage

Submit
Reports

Overview

overview

Static

static

loader.exe

windows7_x64

loader.exe

windows10-2004_x64

Sharing

General

Target

loader.bin
Size

15.8MB
Sample

220626-s4rqjabder
MD5

75941eabd47ddaa0529e6bf66068eccd
SHA1

34d7b2683a149871591d3629b4da456064331ebd
SHA256

5956fe13a88b4ee1006ba35a0c2bb1797c9d925c453c368aac628870ca8ee4ba
SHA512

6d64ee77f9f08b3843031825e110a787efe81dddc72355e636659d53cdf697d663ff9c655cd89d41b5afeab88b8a3f7e4a2b049d77eb705e3c6b7ac817ea0c03

Score

10^/10

44caliber spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

loader.exe

Resource

win7-20220414-en

44caliber spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

loader.exe

Resource

win10v2004-20220414-en

44caliber spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

44caliber

C2

https://discordapp.com/api/webhooks/973580174689964083/2sajMUbGeKbojdqVMbPo-qtidMXn5a7QaYSzjXpRpUgg81vxQoCnZ2D4zH6jyVu9DL96

Targets

- Target
  
  loader.bin
- Size
  
  15.8MB
- MD5
  
  75941eabd47ddaa0529e6bf66068eccd
- SHA1
  
  34d7b2683a149871591d3629b4da456064331ebd
- SHA256
  
  5956fe13a88b4ee1006ba35a0c2bb1797c9d925c453c368aac628870ca8ee4ba
- SHA512
  
  6d64ee77f9f08b3843031825e110a787efe81dddc72355e636659d53cdf697d663ff9c655cd89d41b5afeab88b8a3f7e4a2b049d77eb705e3c6b7ac817ea0c03
Score

10^/10

44caliber spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

44caliberspywarestealer

behavioral2

44caliberspywarestealer

© 2018-2024

Terms | Privacy